Jetico Central Manager. Administrator Guide

Transcription

1 Jetico Central Manager Administrator Guide

2 Introduction Deployment, updating and control of client software can be a time consuming and expensive task for companies and organizations because of the number of workstations involved. Jetico Central Manager included as a feature in Enterprise Editions of Jetico software is used to remotely deploy the software across all workstations, automatically update the software, monitor usage of encrypted containers and disk volumes, distribute security policies and centrally manage recovery information necessary to access encrypted data in case of emergency. Jetico client software provides a wide range of data protection solutions on remote workstations store selected files and folders in encrypted containers, encrypt whole disk partitions and dynamic disk volumes, wipe selected files and folders manually or automatically. Proper use of any security software requires maintaining a specified common policy for an entire company. An IT Admin is able to use Jetico Central Manager to create special security tasks in a central database and automatically distribute them to remote computers. To further ensure safe usage of the client software, Jetico Central Manager gathers rescue information from remote computers. An Administrator could then use the rescue information in case of emergency, such as when users forget their passwords. Beyond simply distributing tasks to remote computers and gathering information, Jetico Central Manager also allows an IT Admin to monitor user activity when they are running the client software. Log messages sent to the Jetico Central Manager Database report configuration changes as well as other security related events. The Administrator can also create reports in HTML format about the current state of the software on client computers. Jetico Central Manager is a flexible and convenient tool for controlling client software on remote computers. Centrally managing a network of workstations immediately results in greater reliability and security far superior to allowing a large organization of computers to independently run data protection software on their own. 2

3 Main Functions Jetico Central Manager provides an IT Admin with a wide range of functions to control client software on remote computers. Such functions include deploying and updating client software, remotely distributing security configuration data and gathering rescue and log information from client computers. Jetico Central Manager can manage the following software on client computers: BCWipe: permanently delete selected data files on active workstations, including wipe free space BestCrypt Container Encryption: store selected files or folders in encrypted containers with access to data through virtual drives BestCrypt Volume Encryption: encrypt all data stored on whole Windows partitions or volumes Jetico Central Manager allows an administrator to do the following: Deploy Jetico software remotely from Jetico Central Manager Console Update Jetico software automatically Distribute security policies that includes: Configure BCWipe on client computers to run wiping tasks according to a set schedule Initiate encryption of client computers from Central Manager Console. Gather information about encrypted containers created on remote computers; Administrator can use the information for recovering data inside the containers in case of emergency Store rescue information about encrypted partitions/volumes from client computers; Administrator can use the information for recovery decryption of partitions on client computers Jetico Central Manager provides administrator with the means to monitor the correct use of Jetico software on client computers: All client software can send log information to a central database about events on client computers, such as when BCWipe successfully receives updated configuration from the server Administrator can monitor the status of client software, such as which disk partitions are encrypted and which are not Administrator can create reports in HTML format with information about current security status of client computers Jetico Central Manager enables an administrator to automate his/her own work: Administrator can set a schedule for automatic update of client software; Administrator can set a schedule for automatic backups of the Jetico Central Manager Database Jetico Central Manager handles security issues when sensitive information from client computers is gathered in a central database: All network traffic between client computers and a server is encrypted with a unique session key and public/private key technology Sensitive information in the Jetico Central Manager Database is encrypted Jetico Central Manager implements two-level database administration: Supervisor can run all control functions and can delegate rights to Administrator; Supervisor can change Administrator credentials or remove Administrator account at any time Jetico Central Manager provides Administrator (or Supervisor) with a unified interface to run all control functions. The user interface is designed to be intuitively clear to make all administrative work as effective as possible. See also: Deployment of Client Software Remotely 3

5 New features in Jetico Central Manager v.2 1. Version 2 of Jetico Central Manager can control BestCrypt Container Encryption, BCWipe and BestCrypt Volume Encryption software on client computers. Jetico Central Manager software architecture is designed so that support of other utilities can easily be added in future Jetico Central Manager v.1 (initially known as BestCrypt Corporate Edition) requred installation in Windows network with Domain Controller. The new version 2 of Jetico Central Manager also uses all the advantages provided by Domain Controller network, but now it is not an absolute requirement. The new version can work in a network without Domain Controller. Furthermore, the Administrator of Jetico Central Manager can manage a mixed network environment, including all workstations in Windows Domain as well as guest computers not permanently included in the Domain Jetico Central Manager uses a platform-independent encrypted TCP/IP protocol for client/server communication. Together with independence of Windows Domain Controller protocols, this allows the software to manage Jetico client software running on computers with non-windows operating systems. The upcoming releases of BestCrypt for Linux and MacOS will include client modules similar to the ones developed for Windows versions of the software and can be managed by Jetico Central Manager software Jetico Central Manager v. 2 allows an Administrator to use Push and Manual deployment methods. Administrator can also use a third-party program (e.g., Microsoft SCCM, LANDesk) to deploy Jetico client software on remote computers (so called Outside method) Jetico Central Manager provides detailed logging of events happening on remote computers as well as logging of all actions run by an Administrator in the Jetico Central Manager Console. The user can configure the log output Administrator of Jetico Central Manager can create reports in HTML format about the current state of Jetico software on client computers Administrator can group Computers in Jetico Central Manager Database and then control a group of computers as if they were a single computer. For example, an Administrator can set a common BCWipe wiping task for such a group; then if the Administrator changes the task, it would automatically be changed for all computers in that group Jetico Central Manager implements two-level database administration: by Supervisor and by Administrator. Supervisor can run all control functions and can delegate rights to Administrator; Supervisor can change Administrator credentials or remove Administrator account at any time. See also: Deployment Client Software Remotely Push deployment method Outside/Manual deployment methods Jetico Central Manager reports Computers in Jetico Central Manager Database Supervisor and Administrator of Jetico Central Manager Database 5

7 Jetico Central Manager Installation Jetico Central Manager software consists of two main modules: Jetico Central Manager Console - program with graphic user interface enabling an Administrator to control all the software functionality Jetico Central Manager Database - service supporting the database and responding to requests received from client computers Jetico Central Manager Console and Jetico Central Manager Database can be installed on different computers with Windows operating system or on the same computer. The computer for installing Jetico Central Manager Console is typically the administration console computer where an administrator runs programs to control the enterprise network and client computers. The computer for Jetico Central Manager Database should be a server computer that is always available in the enterprise network because client computers may send requests to the Database at any time. The installation program installs Jetico Central Manager Console. Run the installation program on a computer that is suitable for running the Jetico Central Manager Console program. The Jetico Central Manager Setup program uses the standard Windows method for installing software and provides all necessary explanations of the installation details. The only default information the user may want to change during installation is the Program Folder name for the Jetico Central Manager software and the Destination Directory name where to place program files. All dialog windows of the Setup program have the following buttons: [Cancel] - click this button to abort installation [Next] - click this button to proceed with the installation [Back] - click this button to return to the previous step NOTE: The Jetico Central Manager Setup program also writes data to the Windows Registry database, places dynamic load libraries in the system WINDOWS\SYSTEM directory, and prepares a file for the uninstall procedure. Please do not perform any manual manipulations to install or uninstall the Jetico Central Manager software in order to prevent the appearance of unused garbage software in the system directory or unused strings in the Registry database. When you run Jetico Central Manager Console for the first time, the Jetico Central Manager Wizard will guide you through the installation process for the Jetico Central Manager Database module. See also: Jetico Central Manager Wizard 7

9 Jetico Central Manager Wizard Jetico Central Manager Wizard provides an easy way to perform initial configuration of Jetico Central Manager Database. The Wizard explains every step of the configuration in a separate dialog window. There are five steps to configure the software: 1. Select folder on local or remote computer for installation of Jetico Central Manager Database. Please keep in mind the following considerations when you select folder for the Database installation: a. Jetico Central Manager Database is supported by special service. So the program will install the service on the computer where the Database is located. Confirm that installation of the service is allowed on the computer. b. Computer with the Database should be powered on while remote client workstations may need to contact it. 2. Enter credentials of administrator account valid on the computer where the Jetico Central Manager Database is going to be installed. 2. If you have Windows network with Domain Controller, enter credentials of domain administrator. Otherwise enter username and password of administrator of the computer where Jetico Central Manager Database is going to be installed. 3. Enter TCP/IP port number for network communication between clients and Jetico Central Manager server computers. Please be sure that TCP/IP port number you enter is not blocked by firewall software installed on computers in the enterprise network. 4. Initialize password of Supervisor of Jetico Central Manager Database. 4. Note that there are two kinds of persons in Jetico Central Manager who can control the software: Supervisor and Administrator. 4. Supervisor has all rights to administrate the Database and can delegate the rights to another person - Administrator. 4. Administrator also has full rights to manage the Database, but Supervisor can change or remove the Administrator Account at any time. 5. Select and download Jetico client software (i.e., BCWipe, BestCrypt Container Encryption, BestCrypt Volume Encryption). 5. Jetico Central Manager can support any combination of the client software. For example, some organizations may decide only use BCWipe, while others might use BestCrypt Container Encryption with BestCrypt Volume Encryption or perhaps BestCrypt Volume Encryption and BCWipe. It is also possible to initially start using Jetico Central Manager with just one client software (such as BCWipe) and then extend licensing to include BestCrypt Container Encryption. 5. Choosing the set of client software supported by Jetico Central Manager is done in the configuration Wizard. Yet it is also possible to do the same at any later time by running a List of Supported Client Software command from Software menu in Jetico Central Manager Console. 5. NOTE: Before installation of the Jetico Central Manager Database please check the network settings as written in the Pre-deployment Steps article. The instructions are suitable for Database installation as well as for Jetico client software deployment. See also: Deployment of Client Software Remotely Supervisor and Administrator of Jetico Central Manager Database Pre-Deployment Steps Deployment Error Codes 9

11 Using Jetico Central Manager This section describes the main steps for using Jetico Central Manager software and provides references to corresponding articles explaining them in greater detail. The primary purpose of Jetico Central Manager is to provide an administrator of an enterprise network with means to install Jetico client software on remote computers automatically and then control the software from a central management console application (Jetico Central Manager Console). Articles in section Deployment Client Software Remotely explain how the administrator can deploy Jetico client software on remote computers, which methods of deployment are preferred in a network with Domain Controller, how client computers have to be pre-configured and other issues related to the deployment process. Articles in section Central Management of Client Software explain how the administrator can manage BCWipe, BestCrypt Container Encryption and BestCrypt Volume Encryption software deployed on remote computers and what information the administrator receives from the computers. Articles in section Jetico Central Manager Database explain how the administrator can backup and restore the Database, automate updating client and server software, what is meant by Administrator and Supervisor accounts and other management procedures. See also: Deployment of Client Software Remotely Central Management of Client Software Jetico Central Manager Database 11

13 Deployment of Client Software Remotely Jetico Central Manager software allows Administrator of an enterprise network to deploy client software on remote computers without visiting every computer and running setup program on the computer. The Administrator runs the deployment of the client software from the Jetico Central Manager (JCM) Console. All the settings and procedures necessary to run the deployment are available in Deployment tab in the right pane of the program. JCM supports several software packages on client computers: BCWipe, BestCrypt Container Encryption and BestCrypt Volume Encryption. The Administrator may wish to install only one of these packages, then decide to install another one. It is also possible that number of software supported by JCM will increase. To make the process of adding or removing client software easier, JCM has a single deployment Agent distributed to client computers. Once the Agent is installed on the client computer, it monitors settings the Administrator makes for client software installation. Depending on the JCM settings the client deploys or removes software on the client computer automatically. To make all the processes of deployment client software and then to get them updated automatically, the Administrator should only distribute/install JCM Agent to all the client computers. There are three ways to do that: Manual deployment. The Administrator runs JCM Agent installation program on the client computer manually. Outside deployment. The Administrator uses third-party deployment mechanisms to distribute and run JCM Agent installation program on the client computers. For example, System Center Configuration Manager - SCCM. Push deployment. The deployment method is avalable for computers that are members of Windows Domain. With this method Administrator marks computers where the Agent should be installed in JCM Console Deployment tab and JCM sends necessary instructions to Windows Domain Controller Server to complete the task. See also: Pre-Deployment Steps Deployment Steps and States Push deployment method Outside/Manual deployment methods Deployment Error Codes 13

14 Pre-Deployment Steps If computer where Jetico Central Manager Database is installed has Windows Firewall active, configure the Firewall to allow TCP/IP port used by Jetico Central Manager (JCM) for client/server communication. (Default port number is Administrator sets the port when runs Jetico Central Manager Wizard to initialize Jetico Central Manager Database. You may also get information about the port number by running command Select Server Computer from Database menu.) Configuration settings for Push deployment method Push deployment method is available in JCM for computers that are members of Windows Domain network. With this method the JCM Console Administrator marks client computers that should get Jetico client software installed in JCM Console Deployment tab. Then JCM sends all necessary instructions to Domain Controller to install Jetico software on remote client computers. To utilize the Push deployment method computer where JCM Console runs must have Microsoft Remote System Administration Tools (RSAT) package installed. Read more about RSAT in Microsoft Remote System Administration Tools (RSAT) installation article. See also: Jetico Central Manager Wizard Microsoft Remote System Administration Tools (RSAT) installation 14

15 Deployment Steps and States This article explains steps of deployment and uninstallation of Jetico client software on remote computers and how an administrator controls the processes with Jetico Central Manager Console. The following picture illustrates states of the deployment and uninstallation processes. Deployment process starts from State 1: Software is not deployed. To run the deployment process Administrator should do the following: 1. Select a computer in the left pane of the Jetico Central Manager Console. 2. Select Deployment tab in the right pane of Jetico Central Manager Console. 3. For a certain computer, decide what client software should be deployed (for example, BCWipe only, or all available client software). 4. Click corresponding check boxes in the table in the Deployment tab that lists computers and software that should be deployed. 5. Choose a deployment method in Deployment method column. 6. Click [Apply]. Check boxes for software that has to be deployed appear in a checked state with a red colored plus mark. The red mark means that Administrator has assigned the software for deployment but has not yet applied the settings. Jetico Central Manager has not saved the settings to database yet, so if Administrator quits the program or clicks [Cancel], Jetico Central Manager will forget the settings. Such a state of deployment process is State 2: Software is assigned for deployment. If Administrator clicks [Apply] in the Deployment tab, Jetico Central Manager saves all the settings made on Step 2 to database. If Push deployment method is assigned, the deployment proceeds in the following way: JCM sends the request to Domain Controller to configure Group Policy settings for the client computer to start the software installation after reboot. When client machine is turned on or rebooted, and if the Group Policy is successfully updated, the Installation Agent and the client software will be installed at the next reboot. If Outside/Manual deployment method is assigned, the deployment will be started after running the program on the client machine. Until then, the deployment process will remain in State 3: Software is queued for deployment. As soon as Jetico Central Manager deploys client software on remote computer, the database sets State 4: Software is deployed for the computer. The following picture illustrates Deployment tab in Jetico Central Manager Console where different computers are in different states of the deployment process. 15

16 To uninstall the client software Administrator should do the following: 1. Click checkbox for corresponding software and computer in the Deployment tab If the software is in State 4 (software is deployed) or State 3 (software is queued for deployment), Jetico Central Manager will set State 5: Software is assigned for uninstallation for the computer. Red colored minus mark corresponds to the state, because administrator has just clicked the checkbox, but not applied the new setting yet. If Administrator quits the program or clicks [Cancel], the state will return back to a previous state of the software If Administrator clicks [Apply] in the Deployment tab, Jetico Central Manager saves all the settings made on Step 5 to database. Since that moment state of the uninstallation process becomes State 6: Software is queued for uninstallation At State 6, Jetico Central Manager will run process of unistallation of the software from remote computer when it will be possible. Uninstallation process can be run when the user logs on to remote computer. When the client software gets uninstalled from the remote computer, Jetico Central Manager sets initial State 1: Software is not deployed for the computer. NOTE: There is another way to uninstall the client software: delete the computer from JCM database. In that case, if the deleted client computer is turned on or rebooted, the client software will be uninstalled and also Installation Agent will be removed. Note that on every step of deployment or uninstallation software from remote computers some problem may arise. The table with list of computers in the Deployment tab has the Error code column with number of error occurred (or with No error status if everything is going on correctly). Read article Deployment Error Codes to get detailed explanations and possible solution for the problem. Administrator can configure a whole group of computers for deployment of the client software. In this case Administrator should just click checkbox with name of the group. Since 16

17 that time the state Administrator sets for the group will be automatically applied for all the computers from the group. See also: Pre-Deployment Steps Push deployment method Outside/Manual deployment methods Deployment Error Codes 17

18 Push Deployment Method Push deployment method is available in JCM for computers that are members of Windows Domain network. To utilize the Push deployment method computer where JCM Console runs must have Microsoft Remote System Administration Tools (RSAT) package installed. Read more about RSAT in Microsoft Remote System Administration Tools (RSAT) installation article. NOTE: only Domain Administrators are allowed to run the Push deployment on remote computers. So when you run JCM Console, you should be logged on as a user from Domain Administrators Group. Besides, computer where JCM Console runs should belong to the Domain. To run Push deployment Administrator should do the following: 1. Select Deployment tab in the right pane of Jetico Central Manager Console. 2. Select a group or computer in the list and set checkbox for the group or computer in the Group or Computer column. 3. Set checkboxes in columns that correspond to the client software you want to get deployed on the computer (for example, set checkbox in the BCWipe or BestCrypt Container Encryption column). 4. Double-click combo-box from Deploy method column for the computer and select Push string from the combo-box. 5. Click [Apply] to start the deployment process or click [Cancel] to restore previous deployment settings for the computer. The deployment proceeds in the following way: JCM sends the request to Domain Controller to configure Group Policy settings for the client computer to start the software installation after reboot. When client machine is turned on or rebooted, wait until the Group Policy is successfully updated on the client. The Installation Agent and the client software will be installed after next reboot of the client, because the installation command is included in Windows Startup script. JCM Console updates the deployment status to Deployed and corresponding message appears in the log file in the bottom part of Deployment tab. See also: Pre-Deployment Steps Deployment Steps and States Deployment Error Codes 18

19 Outside/Manual Deployment Methods Jetico Central Manager (JCM) simplifies the process of deployment of the client software on remote computers in the following way. There is a number of Jetico software that can be installed on client computers (BestCrypt Container Encryption, BCWipe, BestCrypt Volume Encryption). The JCM Administrator may wish to install or uninstall, or update any of them. To be able to do that from JCM Console program without visiting the computers, the Administrator should install so called JCM Deployment Agent on every client computer. To install JCM Deployment Agent the Administrator should run its installation program (JCIxxx.EXE) on client computers. Article Push deployment method describes how it can be done if the client computers belongs to Windows Domain Network. This article describes alternative methods to install the JCM Agent. Manual deployment method The JCM Administrator can install JCM Deployment Agent on client computer manually. It can be done in the following way: 1. Click [Client software] in the Deployment tab. The following dialog window will appear: Choose Manual deployment method and mark checkboxes corresponding to the software you plan to deploy on client computers (BCWipe and/or BestCrypt Container Encryption and/or BestCrypt Volume Encryption). 3. Click [Make Copy] to copy the JCIxxx.EXE Agent installation program to the folder where from you are going to run the program. 4. Click [Exit] to close the dialog window. 5. On every client computer, run the JCIxxx.EXE program. 19

20 When you run the Agent installation program, you will get message boxes on the client computer informing you about results of deployment client software on the computer. Besides, you will get the same information in the Log window in the Deployment tab in the JCM Console. Outside deployment method The JCM Administrator can use a third-party deployment software to automate installation of JCM Deployment Agent on client computers. For such a software you should prepare JCIxxx.EXE JCM Agent installation program almost in the same way as you prepare it for Manual installation method described above. The only difference is in choosing Outside method on step 2 of creating the JCIxxx.EXE file. JCIxxx.EXE program created with Outside option will behave slightly differently on the client computer: the program will not display any messages on the client computer that would inform about any progress in running the program. Instead, all the messages will be sent to JCM Database and displayed in the Deployment tab in the JCM Console. NOTE: The JCM Administrator may add computers to JCM Database prior to running JCIxxx.EXE program on client computers. Then the Administrator should choose Outside/ Manual deployment method for the computers. It is a recommended way to organize the deployment, because in this case the Administrator can easily monitor status of the installed software on the remote computers. NOTE: It is also possible to run JCI.EXE program from \\JCM_SERVER_NAME\BCInstal shared folder with command-line parameters: -R[server_name], -P[port_number] and S[name of the client software that should be installed]. JCM_SERVER_NAME - name of the computer where JCM Database is installed <W> flag - BCWipe client software <B> flag - BestCrypt Container Encryption client software <V> flag - BestCrypt Volume Encryption client software EXAMPLES: >JCI.EXE -RJCM_SERVER_NAME >JCI.EXE -RJCM_SERVER_NAME >JCI.EXE -RJCM_SERVER_NAME >JCI.EXE -RJCM_SERVER_NAME -P5001 -P5001 -P5001 -P5001 -SW (install BCWipe) -SB (install BestCrypt Container Encryption) -SV (install BestCrypt Volume Encryption) -SWBV (install all software) See also: Pre-Deployment Steps Deployment Steps and States Deployment Error Codes 20

21 Deployment Error Codes When Jetico Central Manager encounters a problem during client software deployment, the error number is reported in Error code column in Deployment tab in Jetico Central Manager (JCM) Console. Column Action describes operation that caused the error and may also contain short description of the problem. There are three groups of errors that may be reported during client software deployment: Errors reported in JCM Console when Administrator chooses Push deployment method for client computers. Errors happened when configuration of Push installation completed successfully in JCM Console, but installation of JCM client software does not start even when the client computer restarts. Errors reported on client computers when Administrator chooses Manual or Outside deployment method and runs installation program on the computers. The following sections describe the errors in more detail. I. Errors reported in JCM Console for Push deployment method Error 1 JCM Console program could not locate Windows Domain Controller computer in a local network. Please check that Domain Contoller computer is running and accessible from the JCM Console computer. Error 2 Computer with JCM Console running appears as not belonging to Windows Domain. Error 3 User logged on the computer is Local User, but should be Domain User. Error 4 User logged on the computer with JCM Console has no rights of Domain Administrator. Error 5 Computer where JCM Console runs must have Remote System Administration Tools (RSAT) package installed. Read more about RSAT in Microsoft Remote System Administration Tools (RSAT) installation article. Error 6 JCM Console could not define Netbios name of Domain Controller computer. Please check that Domain Controller Server can be accessed with its Netbios name from the computer where JCM Console is running. Error 7 Request from JCM Console to create new group of computers called JCM Group [server_name] failed. JCM Console should create the group automatically inside a standard Computers group in Domain. If it does not happen, try to find some entry in Windows Event log that may relate the error. You may also send the text and error codes to Jetico Technical Support for further assistance in solving the problem. Error 8 JCM Console could not define define Fully Qualified Name for the client computer where Push deployment should occur. Error 9 JCM Console could not add the client computer to JCM Group of computers. Please check that the group exists inside a standard Computers group on Domain Controller. Error 10 JCM Console could not create Group Policy Object for JCM Group of computers. NOTE: Windows Event Viewer may report errors related to the JCM Console attempt to create JCM Group of computers or define Fully Qualified Name for the computer. If it does not help, please note that JCM Console log window contains short description of the errors, for example: "Could not define Fully Qualified Name for the computer (error code 7, 200)". You may send the text and error codes to Jetico Technical Support for further assistance in solving the problem. 21

22 II. Configuration of Push installation completed successfully in JCM Console, but installation of JCM client software does not start. 1. If files C:\Windows\jci.log or C:\Windows\smip.log exist, information inside them may help to define source of the problem. 2. Check errors reported in Windows Event Viewer. Pay special attention to Events with GroupPolicy source. For example, error may look like: The processing of Group Policy failed. Windows attempted to read the file \\jetico\sysvol \jetico\policies\{ea385be5-1a41-4a dfc37053e2da}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. 2. After solving the problem reported in the Event Viewer please restart the client computer and check that JCM client software installation starts. 2. NOTE: After updating Group Policy on the Domain Controller, it is not updated on the client machines at once. By default, the timeout is 90 minutes. For testing purposes, if administrator wants to be sure that it works properly, it is possible to force the Group Policy updating for one particular test client. To do so, run Command Prompt on the client 'as administrator' and run the command gpupdate /force. See Windows Event Viewer. When the Group Policy has been updated, reboot the client and installation should start (even before logon). 3. You may send files C:\Windows\jci.log or C:\Windows\smip.log to Jetico Technical Support for further assistance in solving the problem. III. Errors reported on a client computer when Manual or Outside deployment method runs When Administrator chooses Manual or Outside deployment method, JCM Console creates installation program like Administrator should run the program on client computers manually or use a third-party utility to distribute and run the program on the computers. The program generates log files C:\Windows\jci.log and C:\Windows\smip.log on the client machine. You may inspect contents of the files, perhaps text description of encountered errors will help to solve the problem. If you are not sure, please send the files to Jetico Technical Support for assistance in solving the problem. NOTE: The same log files are also available from JCM Console. To see the files, Administrator should run Client Log File command from right-click menu of the selected client computer. See also: Microsoft Remote System Administration Tools (RSAT) installation Pre-Deployment Steps Deployment Steps and States Push deployment method Jetico Central Manager Wizard 22

24 Central Management of Client Software The primary purpose of Jetico Central Manager is to provide the administrator of an enterprise network with a program to control client software on remote workstations. Jetico Central Manager controls the following client software: BCWipe: permanently delete selected data files on active workstations, including wipe free space. BCWipe can run different kinds of wiping tasks (wipe free space of disk drives, wipe temporary files or remnants of activity of programs like Internet Browsers, etc.). Every BCWipe Task can be run automatically according to schedule. With Jetico Central Manager, an administrator can create a BCWipe Task Set which consists of different types of BCWipe tasks. Then an administrator can configure BCWipe software on remote computers to run wiping tasks according to the Task Set. Administrator can create as many BCWipe Task Sets as needed. Every Task Set can be assigned to different computers or group of computers in the company network. Article Central Management of BCWipe explains how it can be done in detail. BestCrypt Container Encryption: store selected files or folders in encrypted containers with access to data through virtual drives. BestCrypt runs encrypt/decrypt operations transparently for the user as soon as a proper password for the container is entered. Administrator of Jetico Central Manager can configure BestCrypt Container Encryption on client computers to send information about encrypted container files to central database. Communication between client computers and server as well as information inside the database is encrypted. Only Supervisor or Administrator of the Jetico Central Manager Database can use the information about encrypted container in order to access the data inside the container in emergency cases, for example, if the user forgets password for the encrypted container. Read more about remote control of BestCrypt Container Encryption software in the Central Management of BestCrypt Container Encryption article. BestCrypt Volume Encryption: encrypt all data stored on whole Windows partitions or volumes. Jetico Central Manager is used to monitor usage of encrypted disk volumes, distribute encryption policies and centrally manage recovery information necessary to access encrypted data in case of emergency. With Jetico Central Manager, an administrator can initiate encryption/decryption of the client computers remotely from JCM Console. On client side, end-user only needs to enter/ set password to initiate encryption as configured by Administrator in JCM. Besides, JCM provides a way to set a protection policy for removable disks. Read article Removable Disks Protection for more information. The Jetico Central Manager Database receives information about encrypted disk volumes from client computers through secure communication channel. The information includes disk volume configuration of the computers and rescue information. Administrator can use the rescue information for recovery purposes, for example, if file system on encrypted disk volume becomes damaged. Read more about remote administrating of the software in Central Management of BestCrypt Volume Encryption article. Jetico Central Manager provides logging of the events happened on remote computers and logging of every action performed by Administrator in the Jetico Central Manager Console. Log information can be viewed at the right pane of the Jetico Central Manager Console at the corresponding client software tab. For example, to monitor BCWipe Log it is necessary to open BCWipe tab. Choose Show for all items option from the combo-box to display the events for all computers. To view the Log for specific computers select the needed computers in the left pane, then choose Show for selected items option from the combo-box at the right side. To hide the Log field press Do not show. It is possible to view the log events starting from the specific date - tick the box Since date and choose the date. The following columns can be displayed in the Log field: Date, Time, Computer, Action and others. To hide/show columns right-click on the column name and mark the desired columns. The maximum size of the Log File can be set in the Reports and Logs menu of Jetico Central Manager Console - Log File Settings command. 24

27 BCWipe on Client Computers BCWipe software on client computers provides secure deletion of sensitive information on various types of disk volumes (local partitions, dynamic disk volumes, network disks). What does secure deletion really mean? Well, when a user deletes files the operating system does not erase the contents of these files from the disk - only the references to these files are removed from file system tables. Sensitive data that you intended to erase remains intact on your hard drive and could easily be restored with a widely available undelete tool. Wiping is a term used to describe the process of overwriting contents of a file or disk space. When files are properly wiped data is erased beyond recovery. There are several types of information that should be wiped to avoid data leak: Wipe free disk space. When you delete sensitive files using a standard Windows Delete command, the operating system does not shred contents of the documents from hard drive, it just marks disk space earlier occupied by the files as 'free'. Wiping free disk space completely removes all the traces of the earlier deleted files. Delete with wiping. The user can delete and wipe file or folder as well as selected group of files or folders. Wipe Internet History. BCWipe can wipe all the traces of users' activity in the Internet - cache, cookies, browsing history, search history, saved passwords, last active tabs, etc. Besides of Internet Explorer, BCWipe supports Mozilla Firefox, Opera and Google Chrome browsers. Wipe local history (Wipe names of recently used files). BCWipe can wipe names of files opened with Windows components and some popular applications. It can wipe names stored on a subfolder as well as in Windows Registry. Transparent Wiping. When Transparent Wiping is activated on the computer, BCWipe will automatically wipe all contents of any file or folder that is deleted. This task can be active or suspended, but it cannot be scheduled for a predefined time. BCWipe can run wiping tasks for every type of wipe operation. Every wiping task can be run once or configured to run automatically according to some schedule. The picture below illustrates BCWipe Task Manager window with schedule for every wiping task. Jetico Central Manager allows an administrator to manage BCWipe software on client computers from a central management console. The idea of management is in the following. 1. In the Jetico Central Manager Console the administrator creates BCWipe Task Set. 27

28 2. The Task Set includes one or more wiping tasks (The picture above illustrates typical BCWipe Task Set with several wiping tasks: Delete with wiping, Wipe free space and others). 3. The administrator defines schedule for every wiping task in the Task Set. 4. In the Console the administrator assigns configured Task Set on selected computer or group of computers in a company network. If in future the administrator changes the Task Set, the client computer or group of computers will get BCWipe configuration updated. 5. The administrator can create as many Task Sets as needed for the company network. As a result different groups of computers may get different BCWipe Task Sets for their local configurations. 6. The administrator can monitor results of running tasks on client computers using following sources: Log information reported in the BCWipe Log field in BCWipe tab of Jetico Central Manager Console Status and Last error strings reported on the top part of BCWipe tab Detailed Log file generated by BCWipe process - the name and location of the file is specified in the Log File tab of the corresponding wiping task See also: Central Management of BCWipe Creating and editing BCWipe Task Sets Assisgning BCWipe Task Sets to client computers 28

29 Central Management of BCWipe After BCWipe deployment on remote computers the administrator of Jetico Central Manager can do the following to manage BCWipe on the computers: Create BCWipe Task Sets. Every Task Set is a unit of configuration information designed to be sent to remote computer where BCWipe client software is deployed. BCWipe offers the following wiping tasks: Wipe Free Space, Wipe Local History, Wipe Internet History, Delete With Wiping, Transparent Wiping and Swap File Encryption. Read more about wiping tasks in the BCWipe on client computers article. Assign selected BCWipe Task Set to a remote computer or group of computers in a company network to configure BCWipe client software on the computers. Since the administrator can create a number of BCWipe Task Sets, different group of computers can be configured with different Task Sets. Modify existing BCWipe Task Set. View log information concerning central management of BCWipe. It includes information about creating and modifying Task Sets, information from remote computers about changing configuration of BCWipe client software, about problems with BCWipe remote configuration and about results of wiping. Administrator controls BCWipe in an enterprise network with the Jetico Central Manager Console. To start managing BCWipe on remote computers, select computer or computers' group in the left pane of Console and BCWipe tab in the right pane. The following picture illustrates Jetico Central Manager Console when BCWipe tab is selected: There are a number of controls (radio buttons, lists and buttons) in the BCWipe tab. Selected Computer/Group text box shows name of computer or computers' group selected in the left pane of Jetico Central Manager Console. All the changes in BCWipe configuration administrator makes in the right pane will happen for the selected computer or group. Status area - contains deployment status of BCWipe on the selected computer/group, last operation performed on the selected computer and the last error happened on the computer. [Workplace] button to get information about all users who run BCWipe program on the selected computer. 29

30 [Reset error] button - to reset the information reported in the Last error field. Administrator can assign BCWipe Task Set to an individual computer or to group of computers. To assign selected Task Set to group of computers: 1. Select the group of computers in the left pane of Jetico Central Manager Console. 2. Set Inherit Task Set from the computers' Group radio button. 3. Select Task Set you want to use for the group of computers from the list of Task Sets. 4. Click [Assign]. 4. To assign selected Task Set to an individual computer: 5. Select the computer in the left pane of Jetico Central Manager Console. 6. Set Assign individual Task Set to the Computer radio button. 7. Select Task Set you want to use for the computer from the list of Task Sets. 8. Click [Assign]. After assigning or changing Task Set for computer or group, name of the Task Set will appear in the Active Task Set text box. Information about the changes will appear in the BCWipe Log window. Click [Create] to create a new BCWipe Task Set. Article Creating and editing BCWipe Task Sets describes in detail how to create new Task Set. Click [Edit] to change some properties of the selected Task Set. Article Creating and editing BCWipe Task Sets describes in detail how to edit existing Task Set. Set Block BCWipe for local user checkbox to prevent the user on the local computer from running BCWipe commands. Note that you can set the option for individual computer if Assign individual Task Set to the Computer option is set. If the option not set, the computer will inherit setting Block BCWipe for local user from the computer group that is a parent for the computer. BCWipe log area can show information concerning the selected computer only or all computers in database. Each string contains information about date, time, client computer name, user name, action performed, result and error code. Administrator can configure the log window so that it displays only selected columns. See also: Deployment of Client Software Remotely BCWipe on client computers Creating and editing BCWipe Task Sets Assigning BCWipe Task Sets to client computers 30

QUANTIFY INSTALLATION GUIDE Thank you for putting your trust in Avontus! This guide reviews the process of installing Quantify software. For Quantify system requirement information, please refer to the

Getting Started with MozyPro Online Backup Online Software from Time Warner Cable Business Class A Guide for Users MozyPro is an online backup service with an easy to use interface so you can start backing

NETWRIX EVENT LOG MANAGER QUICK-START GUIDE FOR THE ENTERPRISE EDITION Product Version: 4.0 July/2012. Legal Notice The information in this publication is furnished for information use only, and does not

Introduction EASYLABEL 6 has several new features for saving the history of label formats. This history can include information about when label formats were edited and printed. In order to save this history,

Notes: STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER 1. These instructions focus on installation on Windows Terminal Server (WTS), but are applicable

NETWRIX PASSWORD MANAGER ADMINISTRATOR S GUIDE Product Version: 6.1 February/2012 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment

Networking Best Practices Guide Version 6.5 Summer 2010 Copyright: 2010, CCH, a Wolters Kluwer business. All rights reserved. Material in this publication may not be reproduced or transmitted in any form

STATISTICA VERSION 12 STATISTICA ENTERPRISE SMALL BUSINESS INSTALLATION INSTRUCTIONS Notes 1. The installation of STATISTICA Enterprise Small Business entails two parts: a) a server installation, and b)

Quick Install Guide 1. Installation Overview Thank you for selecting Bitdefender Business Solutions to protect your business. This document enables you to quickly get started with the installation of Bitdefender

User Manual Onsight Management Suite Version 5.1 Another Innovation by Librestream Doc #: 400075-06 May 2012 Information in this document is subject to change without notice. Reproduction in any manner

User Guide CTERA Agent for Linux September 2013 Version 4.0 Copyright 2009-2013 CTERA Networks Ltd. All rights reserved. No part of this document may be reproduced in any form or by any means without written

ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference May 2016 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government

Installation Instruction STATISTICA Enterprise Small Business Notes: ❶ The installation of STATISTICA Enterprise Small Business entails two parts: a) a server installation, and b) workstation installations

User Guide CTERA Agent August 2011 Version 3.0 Copyright 2009-2011 CTERA Networks Ltd. All rights reserved. No part of this document may be reproduced in any form or by any means without written permission

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION Version 1.1 / Last updated November 2012 INTRODUCTION The Cloud Link for Windows client software is packaged as an MSI (Microsoft Installer)

For Mac OS X Software version 4.1.7 Version 2.2 Disclaimer This document is compiled with the greatest possible care. However, errors might have been introduced caused by human mistakes or by other means.

For Linux distributions Software version 4.1.7 Version 2.0 Disclaimer This document is compiled with the greatest possible care. However, errors might have been introduced caused by human mistakes or by

Acronis Backup & Recovery 10 Server for Windows Acronis Backup & Recovery 10 Workstation Quick Start Guide 1. About this document This document describes how to install and start using any of the following

Legal Notes Unauthorized reproduction of all or part of this guide is prohibited. The information in this guide is subject to change without notice. We cannot be held liable for any problems arising from

Installing and Configuring WhatsUp Gold This guide provides information about installing and configuring WhatsUp Gold v14.2, including instructions on how to run the WhatsUp web interface through an Internet

For Linux distributions Software version 4.1.7 Version 2.0 Disclaimer This document is compiled with the greatest possible care. However, errors might have been introduced caused by human mistakes or by

ilaw Installation Procedure This guide will provide a reference for a full installation of ilaw Case Management Software. Contents ilaw Overview How ilaw works Installing ilaw Server on a PC Installing

. All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Deploy is a trademark owned by Specops Software. All

User Guide CTERA Agent for Mac OS-X September 2013 Version 4.0 Copyright 2009-2013 CTERA Networks Ltd. All rights reserved. No part of this document may be reproduced in any form or by any means without

Pearl Echo Installation Checklist Use this checklist to enter critical installation and setup information that will be required to install Pearl Echo in your network. For detailed deployment instructions